Background Check GDPR Legal Basis


Background checks must be conducted in a legal, fair and transparent manner with respect to the candidate. Before you begin the background check, fully communicate your intentions to the candidate and explain why you are conducting it.

Director function – Due diligence to identify past, present and disqualified director positions, and secretarial positions, to determine if there is a potential conflict of interest, etc.

Education and Credential Verification: Education and Credential Verification validates university degrees, technical education, high school diplomas, and job-specific certifications. Based on the consent of the applicant or the legitimate interest of the employer, it may be lawful to verify that the relevant training for the position is genuine.

Did it make a difference that Amazon required its candidates to obtain a criminal record certificate themselves instead of Amazon performing a full criminal record check? No, this is not the case, the AEPD explained: a criminal record certificate can contain sensitive information, including but not limited to criminal convictions, and employers in Spain should refer to restrictions on criminal record checks before requiring their applicants to obtain certificates themselves. The AEPD has decided that the only valid legal basis for the processing of criminal data will be when required by law: legitimate interests cannot constitute a basis for the processing of criminal conviction data under Spanish law. This case also highlighted the nature of consent: while Amazon claimed that the applicants consented to the processing of their data, the AEPD found that since the applicant did not have the opportunity to refuse to consent to the processing of his criminal record data, the consent was therefore neither voluntary nor valid.

But companies should also think about compliance. Find out if your background checks are compliant and how you can protect your business from possible violations of the General Data Protection Regulation (GDPR) that can easily result in hefty fines.

Verifying candidates on social media is increasingly one of the first steps in the recruitment process. While verifying the candidate's "professional" profiles, e.g. on LinkedIn, does not constitute a violation of his privacy, browsing private profiles goes beyond acceptable standards, especially since it can lead to discriminatory actions.

However, the GDPR also affects how we conduct background checks. Do you work in accordance with the law? For the processing of special categories of data and data on criminal convictions and offences, it would be fair to assume that legal obligations under local laws (which generally only apply to certain positions, such as teachers or certain employees in the financial sector) should be considered as the legal basis, while legitimate interests would be your legal basis in most other situations. In summary, if an employer concludes that (1) the request for a criminal record review is justified, (2) it has a legitimate reason for the processing in accordance with Article 6 of the GDPR and (3) it has "official powers" in accordance with Article 10 of the GDPR or was entitled to do so under European or EU Member State law, it may process such personal data as part of a criminal record check.

In the UK, employers have obtained limited permission to process such personal data where: (1) the processing is necessary in the course of employment; or (2) the individual has given consent. In most cases, the employer does not have a separate legal basis for carrying out such a background check, so the consent of the person concerned is required.

According to the recommendation of the President of the Office for the Protection of Personal Data (PUODO), employers should not contact the school that the candidate attended to confirm the authenticity of the certificates and diplomas presented by the candidate. The documents submitted must constitute sufficient proof of the training.

Given the above recommendations, many universities refuse to provide this information to employers.

First Advantage will always inform you, as a data controller, if an applicant contacts us with a "withdrawal of consent" or an objection to further processing of the background check. We will suspend the processing of the file and await your instructions regarding your further action. Avoid creating blacklists as part of background checks, as they are generally considered non-compliant and illegal. While First Advantage cannot help clients make this decision and strongly recommends that each client work with their legal advisor to select the appropriate legal basis, First Advantage considers that "legitimate interests" are most commonly used by EU-based organisations (point 6 above). Based on the candidate's consent or the employer's legitimate interest, it may be lawful to verify that the candidate's professional qualifications relevant to the position are genuine.

The GDPR means that we need to take a very close look at how we select new and potential employees. According to the specific terms of the GDPR, background checks are only allowed under very different conditions. This makes selecting new employees particularly complicated, unless you're recruiting for liberated industries, such as those that work with at-risk adults and children.

Professional Qualifications – Standard checks of professional qualifications relevant to the role.

The DBS Code of Conduct states that information disclosed following a criminal record review should only be taken into account for the purposes for which it was obtained. If you rely on a legitimate interest, identify and document the business benefits of background checks, the type of data you want to collect, how and why to balance your business needs with the rights and freedoms of individuals. The first condition probably only applies if there is a legal obligation to screen employees in certain areas of expertise.

For example, UK employers can regularly obtain information about an "unspent conviction" (i.e. a conviction that appears on a basic criminal record check) for certain categories of professional employment such as doctors, lawyers and those who work with minors. However, for other job classes that are not exempt, the employer may only ask the applicant to voluntarily disclose unused convictions or to agree to a basic background check. In practice, most UK employers seek consent.

Does the General Data Protection Regulation (GDPR) allow employers to carry out systematic checks on employees' criminal records? As with many things in the GDPR, the answer is more complicated than expected.

With clearly defined retention periods, a distinction should generally be made between data to be deleted immediately after the end of the process, such as additional documents or types of information; data to be archived due to strict legal obligations; and other types of data, such as confirmation of the process or final report, which may have to be stored for an additional period (taking into account that there may be local rules or guidelines of the competent authorities that set special conditions for the deletion of data).
